Commit Graph

21 Commits

Author SHA1 Message Date
Balázs Orbán
2833b661bd feat(core): use named params in callbacks (#2173)
Some of our user-facing callbacks come with a bunch of parameters, and it is not always the case that a user needs all of them. Picking out certain parameters from the end of the list would require the user to define params that they wouldn't even need.

Therefore this PR changes such callbacks so the user can only pick the necessary parameters.

This comes with the bonus of better TS support on the `session` and `signIn` callbacks, where some parameters historically could have been different types.

In the `session` callback, the second param could have been `token` (when using JWT sessions) or `user` (when using DB persisted sessions). Now they are separate parameters.

In the `signIn` callback, we now separate `profile` (OAuth), `email` (Email) and `credentials` (Credentials) provider params.

BREAKING CHANGE:

The `callbacks` method signatures are changing the following way:

```diff
- signIn(user, account, profileOrEmailOrCredentials)
+ signIn({ user, account, profile, email, credentials })
```
```diff
- redirect(url, baseUrl)
+ redirect({ url, baseUrl })
```
```diff
- session(session, tokenOrUser)
+ session({ session, token, user })
```
```diff
- jwt(token, user, account, OAuthProfile, isNewUser)
+ jwt({ token, user, account, profile, isNewUser })
```

> NOTE: You only need to define the params that you actually need (no more need  for `_` params.)

This way, if you only need `token` and `account` in the `jwt` callback, you can write:

```js
jwt({ token, account }) {
  if(account) {
    token.accessToken = account.access_token
  }
  return token
}
```
2021-06-26 14:54:13 +02:00
Balázs Orbán
86baefdd9d feat(adapter): take away error handling from adapters (#1871) 2021-05-05 19:45:11 +02:00
Balázs Orbán
f6d6c4344c refactor: code base improvements 3 (#1072)
* refactor: extend res.{end,send,json}, redirect

* refactor: chain res methods, remove unnecessary ones

* refactor: simplify oauth callback signature

* refactor: code simplifications

* refactor: re-export everything from routes in one

* refactor: split up main index.js to multiple files

* refactor: simplify passing of provider(s) around

* refactor: extend req with callbackUrl inline

* refactor: simplify page rendering

* refactor: move error page redirects to main file, simplify renderer

* refactor: inline req.options definition

* refactor: simplify error fallbacks

* refactor: remove else branches and unnecessary try..catch

* refactor: add docs, and simplify jwt functions

* refactor: prefer errors object over switch..case in signin page

* feat: log all params sent to logger instead of only first

* refactor: fewer lines input validation

* refactor: remove even more unnecessary else branches
2021-02-01 10:01:10 +01:00
Balázs Orbán
0989ef6171 refactor: code base improvements (#959)
* chore: fix casing of OAuth

* refacotr: simplify default callbacks lib file

* refactor: use native URL instead of string concats

* refactor: move redirect to res.redirect, done to res.end

* refactor: move options to req

* refactor: improve IntelliSense, name all functions

* fix(lint): fix lint errors

* refactor: remove jwt-decode dependency

* refactor: refactor some callbacks to Promises

* revert: "refactor: use native URL instead of string concats"

Refs: 690c55b04089e4f3157424c816d43ee4cecb77a0

* chore: misc changes

Co-authored-by: Balazs Orban <balazs@nhi.no>
2021-02-01 10:01:10 +01:00
Luke Lau
6e2fc11d64 feat: Store user ID in sub claim of default JWT (#784)
This allows us to check if the user is signed in when using JWTs

Part of #625
2021-02-01 10:01:10 +01:00
Iain Collins
b4bb8bda26 Hotfix for email_verified bug
Not being saved by default on sign in. Discovered in #477
2020-07-27 05:20:34 +01:00
Iain Collins
af3da3abf8 Fix linting errors 2020-07-27 05:20:34 +01:00
Iain Collins
fb4381d8eb Implement JWE 2020-07-27 05:20:34 +01:00
Iain Collins
41b6bb7000 Fix linter errors 2020-06-21 02:32:03 +01:00
Iain Collins
eb6a7a45a5 Refactort timestamps, add email verified timestamp
* Saves email verified date on user when an email sign in link is used
* All timestamps now use UTC date objects in database
* Stored as UTC regardless of server timezone
* Tested with MySQL and MongoDB
* Investigating issues with Postgres
2020-06-21 01:44:41 +01:00
Iain Collins
966aa8245d Wire up supported events so they are triggered 2020-06-15 00:03:06 +01:00
Iain Collins
156c8e1e97 Make email addresses optional when signin in 2020-06-11 13:10:59 +01:00
Iain Collins
0d825bbc39 Refactor JWT, Sessions and add allowSignin() method (#223)
## Database

- [x] Databases are now optional - useful with OAuth + JWT if you only need access control
- [x] Updated documentation and added example code for custom database adapters

## JWT

- [x] JWT option is now an object that groups JWT related options together (was a boolean)
- [X] Refactored JWT lib and add AES encryption / decryption as well as signing / verification
- [x] Allows JWT encode/decode methods to be overridden as options
- [x] Contents of JWT can easily customised - without needing to use custom encode/decode
- [x] Exported JWT methods so they can be called from custom API routes
- [x] Updated documentation for new JWT options

## Sessions

- [x] All session options (eg. `maxAge`, `updateAge`) now grouped under single `session` option
- [x] Using JWT for sessions is now enabled from session object (`session.jwt: true`)
- [x] All options involving time now use seconds (instead of milliseconds) for consistency
- [x] Added option to customise the Session object that is returned from `/api/auth/session`
- [x] Update documentation for new Session options

## Other improvements

- [x] Added `allowSignin()` option to control what users / accounts are allowed to sign in
- [x] Refactored `callbackUrlHandler()` - this option  is now called `allowCallbackUrl()` 
- [x] Minor improvements to NextAuth.js client API methods
- [x] Minor to NextAuth.js API routes
- [x] Minor improvements to built-in error pages
- [x] Refactored database models
   All tables now include a `created` column for each row which contains the `datetime` of when the row (e.g. User / Account / Session) was created.
  Additionally, sessions now use the name 'expiry' for the expiry `datetime` value for consistency with other models.
2020-06-08 04:01:21 +01:00
Iain Collins
f8bfe0c613 Fix bug linking accounts when using JWT with Mongo
Resolves #198
2020-06-03 18:31:06 +01:00
Iain Collins
50b9743bb6 HOTFIX for incorrect params to createSession
Resolves #197
2020-06-03 09:14:51 +01:00
Iain Collins
ceb35cd036 Add JWT session support
* Now has jwt and jwtSecret options
* Set jwt: true to use JWT instead of DB for session
* Enable 'debug: true' to log JWT_SESSION_TOKEN to console if you want to see what it contains
* Magical!
2020-06-03 04:41:43 +01:00
Gerald Nolan
62f5d7ebe1 Refactor -> Remove oauth-apple 2020-05-27 14:30:15 +01:00
Gerald Nolan
fd6fceb884 Sign In with Apple 2020-05-27 14:30:15 +01:00
Iain Collins
4a00d5aca5 Fix error when missing email in profile
* Fixes #145
* See also #131

This doesn't allow signing in without an email address, but it handles it gracefully.
2020-05-23 03:55:41 +01:00
Iain Collins
5afa4f6e2b Refactor adapter logic
* Refactored adapter, with less redundant logic
* Removed logic from models
* Added email verification expiry support (defaults to 24 hours)
* Refactored session expiry handling and unified it with how email expiry works
* Default session expiry is still 30 days
* Now only updates expiry for a session at most once every 24 hours by default, to reduce writes to database
* Email verification max age, session max age and how often sessions are updated (to reduce database writes) are all simple options now
* Invalid sessionTokens are now deleted from the client
* Email verfication messages are now deleted once used (or when expired)
* Debug output is now an option (set `debug: true` to enable)
* Removed confusing options / callback from default adapter (except for passing in custom models/schemas)
* Adapter can now access all next-auth options, to make configuration easier
2020-05-19 02:08:10 +01:00
Iain Collins
df4c71496b Fix bugs with sign in flow and error handling 2020-05-17 17:45:00 +01:00